8. Safety and security

8.3 security of data

8.1

Effective security of data

Define the term hacking and describe its effects

Explain what is meant by the term hacking and the measures that must be taken in order to protect data.

Explain what is meant by the terms user id and password stating their purpose and how they are used to increase the security of data

Explain what is meant by the terms biometric data and why biometric data is used

Objective

In this chapter learners are should be able to describe what a hacker is and describe ways to avoid getting hacked. Students should also be aware of a number of scams that hackers use to get peoples personal details.

Security of data

With the proliferation of the Internet many devices connect to the Internet. This puts many of these devices at risk from the security risks.

Examiners will expect you to describe the risk, explain the effects of the risks and give ways of preventing/removing risk. You risks that you need to be aware of are:

Hacking

Phishing

Smishing

Vishing

Pharming

Spyware

Viruses

Span

Moderated and unmoderated forums

Cookies

Hacking

What is hacking?

Hacking is gaining unauthorised access to a computer system

What are the effects of hacking?

Can lead to identity theft (pretending to be someone else) or misuse personal data

Data can also be deleted, changed or corrupted on users computer

How can we remove the risk of hacking?

Use a firewall

Use a strong password

Frequently change password

Use a username and password

Phishing

What is Phishing?

Senders send legitimate looking emails. These emails look like they come from a bank because they contain bank logos, address and telephone numbers.

The email looks legitimate (real) and often asks you to reply to the email confirming personal information such as username and password, address, Date of birth etc.

What are the effects of Phishing?

Creator of email can gain personal information such as bank account details and personal information which could lead to identity fraud (pretend to be you when buying a car, booking a holiday etc).

How can we reduce the risk of phishing?

Many ISP’s filter phishing emails

Never open email attachments where you don’t know the sender

Smishing and Vishing

What is Smishing and Vishing?

Smishing

Smishing is short for SMS phishing, but instead of receiving an email you receive a text message that contains a link to website or a telephone number. The text message appears to be from a reliable bank or online site but is in actual fact scam get personal or private information.

Vishing

Vishing is short for voice mail phishing, but instead of receiving an email you receive a voice message that appears to be from a legitimate organisation such as a bank.

The caller tries to trick you into calling a number and providing confidential information that can be used to extract confidential information such as usernames and passwords, credit card details etc.

Pharming

What is pharming?

Pharming involves malicious code being installed onto a user’s computer that redirects them to fake website without their knowledge. The website often looks legitimate because it looks the same.

What are the effects of pharming?

The creator of the malicious code tries to get personal data such credit card details to commit identity fraud

How can we reduce the risk of pharming?

Install anti-spyware software to look for malicious code

Ensure that you only type data into a secure website that has the prefix https or padlock

Spyware

What is Spyware and key-logging software?

Spyware software is software that gathers data by monitoring key presses on a user’s keyboard which is then sent back to the person who created the software.

What are the effects of spyware/key-logger software?

Allows the sender of the software monitor all key presses to get access to usernames and password. Spyware could also be used to read cookie data and change the default browser,

How can we reduce the risk of spyware/key-logger software?

Use anti spyware to reduce the risk

Use a pointing device to select characters from a drop down menu instead of typing